This agreement fails to go far enough, particularly given Facebook's persistent "easier to get forgiveness than permission" history. At a bare minimum, users need to be able to maintain knowledge of and control over the information they provide to Facebook, including a right of deletion (with deletion to be confirmable, and any failure to comply subject to civil and criminal penalities, a right to know what information has been provided about them and to whom. Likewise, any privacy policy changes should be required to have a prominent announcement at least thirty days before implementation. Most importantly, Facebook should be subject to random, unannounced audits by third parties, rather than having them be on a specific predetermined schedule. These audits should limited in number to not be unduly burdensome, but Facebook should not be in a position where it can arrange to only appear to be in compliance when a known deadline is approaching.